Campaign Management

Campaigns Overview

The campaigns page provides a view of all your phishing simulation campaigns, allowing you to monitor progress, analyze results, and manage ongoing operations from a single interface.

Click on any campaign name to access detailed analytics, recipient interactions, and management options for that specific campaign.

Individual Campaign Dashboard

Each campaign's dedicated page provides analytics, real-time event timelines, recipient interactions, and administrative actions. This view enables campaign monitoring and management throughout the simulation lifecycle.

Campaign Metrics Dashboard

The metrics cards at the top of each campaign page provide visibility into key performance indicators, allowing you to assess campaign effectiveness and user engagement levels.

Click on any metric card to view comparative analysis and detailed breakdowns against other performance indicators.

Campaign Performance Metrics

Metric	Description
Recipients	Total number of recipients targeted by this campaign
Emails Sent	Number of emails successfully delivered to date
Emails Read	Unique recipients who opened the email (tracking pixel loaded)
Website Visits	Unique recipients who clicked through to phishing pages
Reported	Unique recipients that have reported the campaign

Interactive Campaign Timeline

The campaign timeline provides a real-time visualization of all campaign events, enabling you to track user interactions chronologically and identify patterns in recipient behavior throughout the simulation period.

Timeline Navigation

• Zoom In: Double-click or scroll to focus on specific time periods
• Event Details: Hover over any event marker to view detailed information
• Time Format: Toggle between 12h and 24h time formats
• Reset View: Click Reset View to see the complete timeline

Campaign Configuration & Management

The campaign details section provides information about your simulation configuration, template settings, and available management actions. This control panel enables campaign administration and monitoring.

Click on the Template link to access information about the template configuration used in this campaign.

Campaign Management Actions

Access campaign management tools through the available action buttons. These controls allow you to modify campaign status, export data, and manage the simulation lifecycle:

Available Campaign Actions

Action	Description
Close Campaign	Immediately completes the campaign and cancels any pending email deliveries. No further interactions will be recorded.
Anonymize Campaign	Closes the campaign and anonymizes all collected data. Individual recipient data gets anonymized.
Export Events	Downloads a CSV file containing all campaign events, interactions, and timestamps for analysis and reporting.
Export Submitters	Downloads a CSV file containing all submitters of the campaign.
Upload Reported CSV	Upload a CSV with the users that reported the campaign. The CSV file must contain the following headers: Reported By that matches the reporters email. Date reported(UTC+02:00) Time when the user reported the phishing email. Ex. value 2025-12-24T10:01.066Z This format as can be exported from Microsoft 365. More information can be found on Microsoft Submissions Admin

Campaign Events Analysis

The events table provides a chronological view of all campaign interactions, enabling analysis of user behavior patterns and campaign effectiveness metrics.

Recipient Performance Analysis

The campaign recipients table provides performance tracking for each targeted user, showing their interaction level and current status within the simulation. This view enables targeted follow-up training and security awareness initiatives.

The Status column displays the highest-priority interaction event for each recipient, providing quick insight into their engagement level.

Utilize the recipient Actions menu to manually manage email delivery, access detailed event histories, or perform individual recipient management tasks.

Recipient Management Actions

Action	Description
Copy Email	Copies the personalized email content as HTML source code, enabling custom delivery through alternative channels
View Email	Displays the formatted email content in a preview window. Note that viewing will trigger tracking pixels, making this ideal for creating rich copies for third-party email systems
Copy Lure URL	Copies the personalized phishing page URL to clipboard for manual distribution or testing purposes
View Events	Opens the detailed event timeline for this specific recipient, showing all interactions and timestamps

Click on any recipient name to access their individual timeline view, providing interaction history and behavioral analysis:

Creating Your First Campaign

A campaign represents a phishing simulation operation, from email delivery through final reporting. Each campaign targets specific recipient groups using configured templates and follows defined delivery schedules.

Prerequisites

Before creating a campaign, ensure you have the following components configured:

• A campaign template with all required elements
• At least one recipient group with targeted users
• Configured domains and email delivery settings

1. Step 1: Basic Campaign Information

   Begin by clicking New Campaign on the campaigns page and configure the campaign settings.

   

   Campaign Basic Information

   Configuration	Description
   Campaign Name	Descriptive name to identify this simulation campaign
   Template	Template containing email design, landing pages, and delivery settings
   Campaign Type	Test campaigns are excluded from statistics and marked with a test label for training purposes

2. Step 2: Target Recipient Selection

   Select the recipient groups that will be targeted in this campaign. Choose from your pre-configured groups to define your simulation audience.

   

   Note: The number beside each group represents the total recipients in that group. Each recipient is included only once, even if they belong to multiple selected groups.

3. Step 3: Delivery Method Configuration

   Configure how and when your campaign emails will be delivered by selecting a delivery method that matches your simulation objectives.

   

   Time Box Delivery

   The Time Box method evenly distributes email sending across your specified time window, ensuring consistent delivery patterns.

   

   Time Box Delivery Options

   Setting	Description
   Delivery Start	Campaign launch date and time
   Delivery End	Campaign completion date and time
   Sort By	Organize delivery order by recipient attributes (e.g., department, location)
   Sort Order	Ascending or descending order for the selected sort criteria
   Auto-Close	Automatically complete campaign at specified time. Completed campaigns stop recording new interactions.
   Auto-Anonymize	Automatically anonymize all recipient data while preserving aggregate statistics for compliance purposes

   Daily Slots Delivery

   Use Daily Slots for precise control over delivery timing, restricting emails to specific weekdays and business hours for maximum realism.

   Example: Monday through Friday, 8:00 AM to 4:00 PM

   

   Daily Slots Configuration

   Setting	Description
   Campaign Duration	Overall start and end dates for the campaign period
   Delivery Sorting	Recipient organization criteria and sort order
   Active Days	Specific weekdays when emails should be delivered
   Delivery Hours	Time window within each active day for email sending
   Auto-Close	Automatic campaign completion settings
   Auto-Anonymize	Scheduled data anonymization for privacy compliance

   Self-Managed Delivery

   Self-Managed campaigns provide flexibility by allowing manual control over email delivery. This method is ideal for custom delivery scenarios, multi-channel approaches, or integration with external systems.

   

   Self-Managed Campaign Options

   Setting	Description
   Manual Close	Configure when to manually complete the campaign and stop recording interactions
   Manual Anonymization	Settings for manually triggered data anonymization while maintaining statistical integrity

4. Step 4: Advanced Campaign Options

   Configure additional campaign features and integrations for your simulation capabilities and data collection requirements.

   

   Advanced Campaign Features

   Feature	Description	Availability
   Data Collection	Enable collection and storage of data submitted by recipients on phishing pages	Available
   IP Filtering	Restrict phishing page access using IP allow/deny lists	Available
   Webhook Integration	Configure real-time event notifications to external systems and APIs	Available

5. Step 5: Campaign Review and Launch

   Review all campaign configurations before launching your phishing simulation. This final step prevents configuration errors and ensures campaign performance.

   

   Verify all settings, recipient selections, and delivery configurations. When satisfied with your campaign setup, click Create Campaign to launch your phishing simulation.

Campaign Templates

Templates are reusable campaign configurations that combine domains, email delivery settings (SMTP or API), email designs, and landing page sequences. They streamline campaign creation by providing simulation components that can be used across multiple campaigns.

Template Management Overview

The templates overview displays all available simulation templates, their configuration status, and associated components. This view enables template management and reuse across your organization's phishing simulation programs.

Template Configuration Components

Component	Description
Template Name	Descriptive identifier for the template configuration
Domain	Configured domain for hosting phishing landing pages
SMTP Configuration	SMTP server settings for traditional email delivery
API Sender	API-based email delivery service configuration
Email Template	Pre-designed email content used for phishing lures
Before Landing	Optional initial page or proxy page used before the main phishing page
Main Landing Page	Primary phishing page or proxy page
After Landing	Optional post-capture proxy for extended simulation scenarios
Completion Status	Indicates if template is ready for use. Incomplete templates may have missing or deleted required components

Creating Campaign Templates

Template creation requires planning and configuration of multiple components. Ensure you have all necessary elements prepared before beginning the template creation process.

Prerequisites

Before creating a template, ensure the following components are configured:

• Domain Configuration - Configured domain for hosting phishing pages
• Email Delivery Method - Either an SMTP sender or API sender for email delivery
• Email Template - Designed phishing email content with appropriate lures
• Landing Pages - At least one landing page for user interaction

Begin template creation by clicking New Template on the templates page to access the configuration wizard.

Template Configuration Process

Basic Template Information

Setting	Description
Template Name	Descriptive name to identify this template configuration
Delivery Method	Choose between SMTP server delivery or API-based email sending

Delivery Configuration

Email Delivery Settings

Component	Description
SMTP Configuration	Pre-configured SMTP server settings for traditional email delivery
API Sender	API-based email service configuration for advanced delivery options
Email Template	Pre-designed email content that will be sent to recipients

Domain and URL Configuration

Domain and URL Structure Settings

Setting	Description
Domain Selection	Choose the configured domain for hosting phishing landing pages
URL Path	Custom path segment added to domain URLs for enhanced credibility and context (e.g., /login, /secure, /update)
Query Parameter Key	Parameter name used in URLs to identify individual recipients. Customizable for improved URL authenticity
Session State Key	Parameter for tracking multi-page navigation flow when using sequential landing pages

Page Flow Configuration

The page flow defines the user journey after clicking the phishing email link. This sequence can include multiple pages to create realistic attack scenarios and educational experiences.

Page Flow Components

Page Type	Purpose and Description
Pre-Landing Page	Initial page for user engagement, credential collection, or traffic filtering before the main simulation
Pre-Landing Proxy	Initial proxy configuration for intercepting traffic to legitimate websites before the main campaign interaction
Main Landing Page	Primary phishing simulation page where user interactions and data collection occur
Landing Proxy	Primary proxy configuration for main campaign interaction, capturing credentials and session data from real applications
Post-Landing Page	Educational or redirect page shown after interaction completion. Used for security awareness training or redirection
After Landing Proxy	Post-capture proxy interaction for additional data collection or extended simulation scenarios
POST Redirect URL	Gophish compatible URL. (Campaign URL in Gophish) Use this keep the behavior of Gophish campaign, were after the final POST request, it redirect to this URL to complete the campaign for the recipient. Note: Does not work with proxy configurations.

Microsoft Defender Integration

Microsoft Defender for Office 365 includes security measures that may block phishing simulation emails. To ensure delivery of your security awareness campaigns, you can configure allow listing through Microsoft's Advanced Delivery Policy for third-party phishing simulations.

For templates using SMTP configuration, Phishing Club provides access to the required allow listing information. Navigate to the campaign templates page and click Allow listing in the template actions menu to access configuration details.

The allow listing modal displays information required for configuring Microsoft Defender for Office 365 Advanced Delivery Policy, enabling integration with your existing security infrastructure.

Microsoft Defender Allow Listing Information

Configuration Field	Description and Usage
MAIL FROM Domain	The domain component of the sender address configured in your template's email settings (RFC 5321.MailFrom)
Sending IP Address	The source IP address for your phishing simulation emails, typically provided by your email infrastructure or SMTP service provider
Simulation URL Pattern	Domain pattern for phishing simulation URLs, usually formatted as yourdomain.com/* to allow all paths and subpages

Microsoft Defender Configuration Steps

Follow these steps to configure allow listing in Microsoft Defender for Office 365:

1. Access Advanced Delivery: Navigate to Microsoft Defender Advanced Delivery
2. Select Tab: Click the Phishing simulation tab
3. Create Configuration: Click Add or Edit to configure third-party phishing simulation settings
4. Enter Values: Input the information from Phishing Club's allow listing modal:
   • Domain: Your MAIL FROM domain
   • Sending IP: Your email sending IP address
   • URLs to Allow: Your simulation domain pattern
5. Save Configuration: Apply the settings to enable allow listing

For configuration guidance, consult the official Microsoft documentation on Advanced Delivery Policy configuration.

Advanced IP Filtering

IP filtering provides security for your phishing simulations by controlling access to landing pages based on source IP addresses. This feature ensures that only intended recipients from authorized networks can access your simulation content, preventing external interference and maintaining campaign integrity.

Configure IP filters during campaign creation in the Options section. Custom deny pages can also be configured to display alternative content to unauthorized visitors, maintaining operational security.

Creating IP Filter Rules

IP filter rules use CIDR notation to define network ranges and access policies. These rules can be configured as either allow lists (permit only specified IPs) or deny lists (block specified IPs while allowing others).

The IP filters are not intended as a advanced security measure and can be easily bypassed using X-Fowarded or similar headers.

IP Filter Configuration Options

Setting	Description
Filter Name	Descriptive name to identify this IP filter rule set
Import from File	Upload a text file containing CIDR ranges for bulk configuration of IP filter rules
Filter Type	Choose between Allow (permit only listed IPs) or Deny (block listed IPs) filter behavior
CIDR Ranges	List of IP address ranges in CIDR notation. Single IP addresses are automatically converted to /32 notation for precise matching

Webhook Integration

Webhooks provide real-time integration capabilities by automatically sending HTTP requests to external APIs when campaign events occur. This enables integration with security orchestration platforms, notification systems, ticketing systems, and custom applications for automation and monitoring.

Each webhook call is triggered when a campaign event occurs, providing visibility into user interactions and campaign progress. This real-time data streaming enables rapid response to security awareness training needs and automated workflow integration.

Webhook Request Format

Webhook requests include authentication headers and structured JSON payloads:

Accept-Encoding: gzip
User-Agent: Go-http-client
Content-Length: 142
Content-Type: application/json
X-Signature: 3ec2d0d777495b4410331a8e22de309e393761ed2e16f4271577e812ffaf26e3

{
  "time":"2025-03-30T12:13:00.026471259Z",
  "campaignName":"Example",
  "email":"[email protected]",
  "event":"campaign_recipient_message_sent"
}
		

Available Event Types

Webhooks are automatically triggered for the following campaign events, providing coverage of user interactions throughout the simulation lifecycle:

Webhook Event Types

Event Name	Trigger Description
campaign_recipient_message_sent	Email successfully delivered to recipient's mailbox
campaign_recipient_message_read	Recipient opened email (tracking pixel loaded)
campaign_recipient_before_page_visited	Pre-landing page accessed by recipient
campaign_recipient_page_visited	Main phishing landing page accessed by recipient
campaign_recipient_after_page_visited	Post-landing page accessed by recipient
campaign_recipient_submitted_data	Recipient submitted information through phishing page forms

Webhook Security and Verification

Webhook security is implemented through HMAC-SHA256 signature verification, ensuring that incoming webhook requests originate from Phishing Club and haven't been tampered with during transmission. This cryptographic verification provides confidence in the authenticity and integrity of webhook data.

When configuring a webhook with a secret key, each request includes an X-Signature header containing an HMAC-SHA256 signature of the request body. Your application can verify this signature to confirm the webhook's authenticity.

Signature Verification Implementation

The X-Signature header contains the request body signed with HMAC-SHA256 using your configured secret key. Here's an example implementation in Go for verifying webhook signatures:

bodyBytes, err := io.ReadAll(body)
if err != nil {
  log.Println("failed to read body for HMAC calculation:", err)
  http.Error(w, "failed to read body", http.StatusInternalServerError)
  return
}

h := hmac.New(sha256.New, []byte("YOUR_SECRET_KEY_HERE"))
h.Write(bodyBytes)
calculatedHMAC := hex.EncodeToString(h.Sum(nil))

// Get the signature from the header
signature := req.Header.Get("x-signature")
if calculatedHMAC != signature {
  http.Error(w, "invalid HMAC signature", http.StatusForbidden)
  return
}
		

Note: When no secret key is configured, the X-Signature header will contain the value UNSIGNED, indicating that signature verification is not available for that webhook.

Creating Webhook Endpoints

Webhook configuration enables real-time event streaming to your external systems and applications. Configure webhooks to receive notifications about campaign events, enabling automated responses and integration with your existing security infrastructure.

Webhook Configuration Settings

Setting	Description
Webhook Name	Identifier for this webhook endpoint configuration
Target URL	HTTPS endpoint URL where webhook requests will be sent for event processing
Secret Key	Secret for HMAC-SHA256 signature generation, enabling verification of webhook authenticity